I'm a privacy pragmatist, writing about the intersection of law, technology, social media and our personal information. If you have story ideas or tips, e-mail me at khill@forbes.com. PGP key here.
These days, I'm a senior online editor at Forbes. I was previously an editor at Above the Law, a legal blog, relying on the legal knowledge gained from two years working for corporate law firm Covington & Burling -- a Cliff's Notes version of law school.
In the past, I've been found slaving away as an intern in midtown Manhattan at The Week Magazine, in Hong Kong at the International Herald Tribune, and in D.C. at the Washington Examiner. I also spent a few years traveling the world managing educational programs for international journalists for the National Press Foundation.
I have few illusions about privacy -- feel free to follow me on Twitter: kashhill, subscribe to me on Facebook, Circle me on Google+, or use Google Maps to figure out where the Forbes San Francisco bureau is, and come a-knockin'.

Facebook Lays Out All Of Its New Targeting Techniques In One Easy-To-Read Blog Post

In the last few months, Facebook has made significant changes to the way advertising works on its site. As some predicted, Facebook’s going public and needing to drum up more revenue has resulted in the company dipping its hands deeper into users’ data to monetize it. More than that, those hands are starting to pull in data from outside of the Facebook kingdom. Privacy engineer Joey Tyson lays out the three big “innovations” in Facebook advertising from the last few months in a Facebook blog post, and argues that the company “carefully designed our versions of the features with your privacy in mind.”

It used to be that advertisers tried to reach a particular audience, i.e., “25-year-old men that like sports cars and Little Ponies.” But now advertisers are finding ways to target specific people, i.e. the guy they know has the email address “IamaBrony@gmail.com.” Thanks to “Custom Audiences,” if a marketer knows your email address or phone number, they can tell Facebook to specifically target you with an ad. Tyson writes:

For example, a shoe store might want to show a special offer to people who have already bought shoes from them. The store can provide us with “hashes” of their customers’ email addresses so that we can show those same people the ad without the store having to send us the actual email addresses. These hashes are bits of text that uniquely identify a piece of data (such as an email address) but are designed to protect against reverse engineering which would reveal that data. Since Facebook and the store use the same method to create each hash, we can compare the store’s hashes to hashes of addresses in our records and show the ad to any group of users that match. If a hash from the store does not match any of ours, we discard it without ever discovering the corresponding email address and without storing any information that we did not have before. And once we no longer need the hashes that do match, we delete them too.

Facebook is not the only tech company making it easier to target specific people with ads. This summer, ProPublica detailed how Microsoft and Yahoo are now allowing advertisers to target specific people with ads if they know their email addresses. That means ads are starting to become like direct mail, except those who see the ads don’t realize it, because their address isn’t on the front of the digital envelope.

2. Advertisers can now target people with Facebook ads based on their Web browsing and searching outside of Facebook.

“Facebook Exchange” lets advertisers target ads at customers who have visited their site. So if you looked at some scandalous lingerie on Sears.com, for example, you might start seeing ads for that lingerie the next time you’re on Facebook, should Sears wish. Writes Tyson:

Facebook Exchange (FBX) gives marketers an opportunity to bid on showing ads in real time. Approved third-party service providers work with Facebook and marketers to enable this process. We agree with a provider on an ID number (separate from your Facebook ID) for each visitor’s browser. If someone then visits Facebook and his or her browser has that ID, we notify the service provider, who tells us when a marketer wants to show a particular ad. This allows marketers to show you ads relevant to your existing relationship with them – and without them needing to send us any personal information about you.

By now, most of us are used to products that seem to follow us around the Web after we look at them once. Now the ads can trail us off-road into the Facebook forest. Users can opt out of this, but not through Facebook. They have to visit the opt-outs of the third party platforms (that they’ve never heard of before) that are doing the ad matching (TellApart, Triggit, Turn, DataXu, MediaMath, AppNexus, TheTradeDesk, and AdRoll).

3. Facebook is tracking what users buy in stores so it can tell advertisers that their ads work.

Facebook has partnered with a Colorado-based company named Datalogix which has a vast database of what we buy thanks to its access to information from stores’ loyalty card programs. Facebook can now tell advertisers that after seeing a specific ad, x% of users bought the product. Writes Tyson:

Because of our commitment to privacy, we had an industry-leading auditing firm evaluate the privacy implications of this process. The auditor confirmed that, throughout this process, Datalogix is not allowed to learn more about you from Facebook profile information. Similarly, Datalogix does not send us any of their purchase data, meaning we cannot specifically tell whether or not you purchased a marketer’s product. Finally, with this partnership, Datalogix only sends the marketer aggregate information about large groups of people. None of this data is attributable to an individual Facebook user.

Tyson ends the post by reminding users that “advertising helps keep Facebook free.” Tyson, known on Twitter as TheHarmonyGuy, appears to be taking questions there about the post if you’re interested.

If nothing else, I’m impressed that “privacy engineer” is a job title that exists now.

Post Your Comment

Post Your Reply

Forbes writers have the ability to call out member comments they find particularly interesting. Called-out comments are highlighted across the Forbes network. You'll be notified if your comment is called out.

Comments

I wonder if the Internet will ever be able to learn that I made an online purchase when presenting ads.

Case in point- I recently bought a new pair of New Balance walking shoes online. I get (though it is creepy) Google splashing me with ads for these shoes everywhere because I searched for them on Google.

But the thing is, I bought the shoes- they were delivered yesterday. I’m no longer in the market for walking shoes, and won’t be for another year or more. But almight Google hasn’t quite figured that part out yet, and I’ll continue to get ads for walking shoes until I search for something else.

Unfortunately most companies conflate privacy engineer with “privacy and security” engineer (i.e. Joey Tyson’s title at Facebook according to his blog). Privacy is not security. I can securely invade your privacy.

Now that Facebook allows you to target the audience, it gives marketers and social media strategists an enormous opportunity to leverage those posts to a specific audience. Instead of creating a post for a general audience, they now have the creativity and flexibility to make a post specific to an age group, gender, location, etc. ZOG Digital wrote an informational piece on what this means for advertisers, marketers, etc. Read more about it- http://www.zogdigital.com/#!/learn/facebook-newsfeed-hypertargeting

This is why I don’t pay attention to advertising at all whatsoever. It doesn’t even register as ‘information my mind wants to process’. My mind picks up each block of website-area as a different type of category and totally filters ads.